fedora-bootstrap lower than 1.0.3 is using an upstream bootstrap 4.0 release that's less than alpha.6, which requires unsafe-eval in the CSP header, due to their use of "new Function": https://github.com/twbs/bootstrap/blob/v4.0.0-alpha.5/js/src/util.js#L124.
This was fixed in the commit (with awesome commit message "grunt") https://github.com/twbs/bootstrap/commit/d1171ac44ad05a1b7244900b690840093d3e5573#diff-2757cd21af75a7f198f845bbd0a1a748L152 which was introduced in alpha.6.
I'd appreciate it immensely if we can get all applications using 1.0.2 or earlier to migrate to 1.0.3. Is there a migration guide with what one would need to change to be able to update? Or should we technically be able to just symlink/redirect 1.0.1 and 1.0.2 on apps.fedoraproject.org to the 1.0.3 copy and have everything Just Work?
We may be able to just bump these up -- though not sure what might happen -- things will break in the UI.
We should try to get a list of the apps that are using these older versions, so i can work on migrating them to newer versions...
I have been working on updating Bodhi to use 1.0.3 in https://github.com/fedora-infra/bodhi/pull/2533. I could really use an upgrade guide, or some comments on what I need to change, because Bodhi doesn't look right at all with 1.0.3.
Here is a screenshot of what I mean:
<img alt="Screenshot_from_2019-01-09_15-08-08.png" src="/fedora-bootstrap/issue/raw/files/4fc7884de7413efc1ca3edb2518ae44fd8d730db42c0acdb8faf2bced2d4e0c4-Screenshot_from_2019-01-09_15-08-08.png" />
Metadata Update from @ryanlerch: - Issue close_status updated to: Invalid - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.